SecurityHome.eu Trojan.Downloader.JJRB

Home / malware PDF

Trojan.Downloader.JJRB

First posted on 21 November 2011.
Source: BitDefender
Aliases :
There are no other names known for Trojan.Downloader.JJRB.
Explanation :
When executed, the virus creates a thread that is going to allow it to bypass Zone Alarm. When Zone Alarm alerts the user that a program wants to access the internet, the virus finds that window, searches the text within it to see if it’s related to the virus name and then attaches to the thread that created the window so it can send input. The virus moves through the window controls(by simulating the tab key) and checks the option “Remember this setting” and then clicks the Allow button.

After the rule for the firewall was added, the virus tries to download and execute a file from:

http://www.freescan[hidden]/programs/winsock.exe. The downloaded file is currently detected as Generic.Malware.SIFYd.7e8A093d
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20